package com.hq.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.HashMap;
import java.util.Map;


/*
* 8+2逻辑原则
* 1.过滤器
* 2.安全管理器
* 3.自定义realm
* 4.session管理器  有默认可以不写
* 5.加密管理  可以不加密
* 6.方言
* 7.开启全局注解交给spring
* 8.缓存管理 可以不写*/
@Configuration
public class ShiroConfig {

    @Bean  //开启全局注解交给spring
    public AuthorizationAttributeSourceAdvisor getAuthorizationAttributeSourceAdvisor(DefaultWebSecurityManager manager){
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(manager);
        return advisor;
    }

    @Bean //方言
    public ShiroDialect getShiroDialect(){
        return new ShiroDialect();
    }

    @Bean  //加密
    public HashedCredentialsMatcher getHashedCredentialsMatcher(){
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        //设置编码格式是MD5
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        //设置迭代次数是1
        hashedCredentialsMatcher.setHashIterations(1);
        return hashedCredentialsMatcher;
    }

    @Bean  //session管理
    public DefaultSessionManager getDefaultSessionManager(){
        DefaultSessionManager defaultSessionManager = new DefaultSessionManager();
        //默认session是30分钟的有效期，设置成10分钟
        defaultSessionManager.setGlobalSessionTimeout(10*60*1000);
        return defaultSessionManager;
    }

    @Bean  //自定义realm
    public MyRealm getMyRealm(){
        MyRealm myRealm = new MyRealm();
        myRealm.setCredentialsMatcher(getHashedCredentialsMatcher());
        return myRealm;
    }

    @Bean  //安全管理器
    public DefaultWebSecurityManager getSecurityManager(MyRealm myRealm,DefaultSessionManager defaultSessionManager){
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(myRealm);
        manager.setSessionManager(defaultSessionManager);
        return manager;
    }

    //1.过滤器
    @Bean  //将返回值交给spring容器管理
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(DefaultWebSecurityManager securityManager){
        //将过滤器交给shiro安全管理器
        ShiroFilterFactoryBean filter = new ShiroFilterFactoryBean();
        filter.setSecurityManager(securityManager);
        //设置过滤规则
        Map<String,String> map = new HashMap<>();
        //登陆页面和登陆访问可以匿名访问
        map.put("/login.html","anon");
        map.put("/user/login","anon");
        //注册页面和注册访问可以匿名访问
        map.put("registry.html","anon");
        map.put("/user/registry","anon");
        map.put("/static/**","anon");  //静态资源全部匿名访问
        map.put("/logout","logout");//退出操作
        map.put("/**","authc"); //剩下全部需要进行身份验证才可以访问
        filter.setFilterChainDefinitionMap(map);  //过滤规则交给过滤器
        //登陆页面设置和未进行认证的用户跳转到登陆页面
        filter.setLoginUrl("login.html");
        filter.setUnauthorizedUrl("login.html");
        filter.setSuccessUrl("index.html");//设置登陆成功的页面
        return filter;
    }

}
